- I plan to put in account locking after several wrong attempts (lock 30 mins after 5 wrong attempts).
- Password recovery is handled by the server admin- their own policies.
- I originally thought to update periodically with the name server but if you're generating a ton of keys then your wallet will get big very quickly... maybe it could update with the server every time you generate a new key.

Create a file in /var/db.bitnom.inc with these contents:

<?php
mysql_connect('localhost', 'your_login', 'your_pass') or die(mysql_error());
mysql_select_db('bitnom') or die(mysql_error());
?>

(as specified by db.php)

This would make for a good replacement for IP transactions, if it is specified to support comments (can be used to say who it is from, or what invoice is being paid) and uses SRV records. Unlike IP transactions, the simple HTTP nature allows people to just upload a script with a pre-defined list of addresses and write the comments for each address, using a stock web hosting service...

Directly storing the information in DNS is much faster, with newer network lookups and connections.

The official bitcoin client simply isn't designed for storing and serving lots of little bits of static data to the general public.

How would you see this work? I have an email that's, say, chromicant@gmail.com or something@gimp.org. I don't quite have control of the DNS servers in question...one I can nag an admin to change, and the other would never insert something into their DNS at this point.

How would I be able to find the mapping of email to a bitcoin address to send BTC? Or am I completely missing the point of this exercise?

I had the impression the roadmap called for a BitDNS-like decentralized mapping system, since Gavin asked to map "strings" to addresses. Maybe I misunderstood.

In my head I was imagining a way of telling bitcoin to subscribe to some service(s) that did the mapping-- maybe a setting in the GUI where you could specify "use these six services, in this order, to try to resolve bitcoin addresses that aren't plain-old-bitcoin-addresses." With the services specified by name+URL (and some standard REST-ful protocol was defined for mapping string to bitcoin address). Or maybe name+pattern+URL.

I haven't looked at genjix' patch, and haven't thought deeply about security issues-- but I bet there are lots...

How often do you get the chance to work on a potentially world-changing project?

Reasons to use HTTP over DNS:
1. Compatible with cheap webhosting available anywhere
2. Can generate new addresses (or pull them off a list) for every transaction
3. Can be provided a comment, invoice ID, or from address to save in a database (associated with the generated address)

Now the URL is called using some remote methods like url + path + '/getaddress/' so that the implementation is non-specific to PHP. Anybody is free to create their own specific implementation with their own server policy. The current policy happens to be very simple (update record, set password, get address).

Like a user who wanted to set up their own private provider could set up an implementation on their server and disable creation of new accounts.

Obviously I want to get something in there with PK crypto... But haven't come up with a properly secure scheme yet. Many of them are prone to MITM attacks. However this can be used for small amounts effectively like a post on irc for somebody to send you X BTC to genjix@foo.org without having to open bitcoin.

There are 2 classes of queries- the public fetch record (uses GET) and the 2 calls that change things and require a password (and hopefully more security in the future- uses POST).

The POST queries return a JSON. If there's a key by the name of "status" then it was successful and the value will give you an update as to what occurred. If there's a key called "error" then it was unsuccessful and the value is an error message. The JSONs can also have other entries depending.

I'm thinking that on first usage, it seamlessly creates a new account and uploads the public key of the first bitcoin address in your wallet. Then you sign further POST requests using that key. That way the server can verify that you are who you claim to be.

Should a person need to have their public key changed/removed (because they lost their wallet) then they can contact the server admins and they can decide how/whether to delete their account so they can create a new one.
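An added example, not part of the thread or of the project's code: a sketch of a password-protected POST call that applies the lockout policy mentioned at the top of the thread (lock 30 minutes after 5 wrong attempts) and answers with the "status"/"error" JSON convention, plus a client-side parser for that reply. The `Accounts` class, `update_address`, `parse_reply`, the in-memory table and the PBKDF2 password hashing are assumptions made for illustration.

```python
import hashlib, hmac, json, os

MAX_ATTEMPTS = 5          # from the thread: lock after 5 wrong attempts
LOCK_SECONDS = 30 * 60    # from the thread: lock for 30 minutes

class Accounts:
    """In-memory stand-in for the server's account table (hypothetical)."""
    def __init__(self):
        self.rows = {}  # nickname -> salt, password hash, address, counters

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create(self, nick, password, address):
        salt = os.urandom(16)
        self.rows[nick] = {"salt": salt, "pw": self._hash(password, salt),
                           "address": address, "fails": 0, "locked_until": 0.0}

    def update_address(self, nick, password, new_address, now):
        """Password-protected POST call; returns the JSON body as a string."""
        row = self.rows.get(nick)
        if row is None:
            return json.dumps({"error": "unknown account"})
        if now < row["locked_until"]:
            # Refuse before checking the password: no guesses while locked.
            return json.dumps({"error": "account locked"})
        # Constant-time comparison of the derived hashes.
        if not hmac.compare_digest(self._hash(password, row["salt"]), row["pw"]):
            row["fails"] += 1
            if row["fails"] >= MAX_ATTEMPTS:
                row["locked_until"] = now + LOCK_SECONDS
                row["fails"] = 0
            return json.dumps({"error": "wrong password"})
        row["fails"] = 0
        row["address"] = new_address
        return json.dumps({"status": "address updated"})

def parse_reply(body):
    """Client side: (True, message) on "status", (False, message) on "error"."""
    try:
        reply = json.loads(body)
    except ValueError:
        return False, "malformed reply"
    if not isinstance(reply, dict):
        return False, "malformed reply"
    if "error" in reply:   # an error key wins even if "status" is also present
        return False, str(reply["error"])
    if "status" in reply:
        return True, str(reply["status"])
    return False, "reply has neither status nor error"
```

The clock is passed in as `now` so the lock window can be exercised without waiting; a real server would use its own time source and persistent storage.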